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Top Stories 

• Thirteen suspects were indicted in federal court August 7 for allegedly operating a major 
counterfeit currency ring that distributed over $77 million in fake bills in several States 
since at least 1999. - Bloomberg News (See item 6) 

• A hunter was charged August 7 with starting the August 2013 Rim Fire which burned over 
250,000 acres in California, injured 10 people, and damaged over 100 structures. - Los 
Angeles Times (See item 20) 

• Kaspersky Lab identified the infection methods used in the Epic Turla cyber-espionage 
campaign that targeted military organizations, government agencies, education institutions, 
and pharmaceutical companies in over 45 countries. - Securityweek (See item 27) 

• Accuvant announced that up to 2 billion smartphone handsets are at risk for over the air 
hijacking which can be exploited through the Open Mobile Alliance Device Management 
protocol, used by approximately 100 mobile phone manufacturers. - The Register (See 
item 30) 
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Energy Sector 



1. August 7, Associated Press - (Illinois) NRG Energy to close 1 Illinois coal unit, 
convert facility to reduce carbon emissions. NRG Energy Inc., announced August 7 
that it will close Will County Unit 3, one of its two coal-fired generating units in 
Romeo ville in April 2015 and convert a power facility in Joliet to natural gas in 2016 in 
order to reduce carbon dioxide emissions. 

Source: 

http://www.greenfieldreporter.eom/view/storv/9420dl2a77c54a0faf2be04ddbe8e855/I 
L— Tllinois-Coal-Plants 
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Chemical Industry Sector 

2. August 8, Farmington Daily Times - (New Mexico) Semitrailer with hazardous 
materials explodes. Authorities are investigating after a semi-truck carrying hazardous 
chemicals exploded on U.S. Highway 491 in Naschitti August 7, prompting the several- 
hour closure of the highway. An evacuation order for residents living within a 2-mile 
radius of the crash site was lifted after about 3 hours. 

Source: http://www.daily-times.com/News/ci 262933 12/Semitrailer- with-hazardous- 
materials-explodes 

3. August 8, WZZM 13 Grand Rapids - (Michigan) Fire causes evacuation at Holland 
plant. Authorities believe a fire that started in a piece of machinery and spread to a 
ventilation system was the cause of a several hour evacuation of the Uniform Color 
Company plant in Holland, Michigan, August 8. 

Source: http : //www. wzzm 1 3 . com/s tory/ new s/loc al/holland- 
zeeland/20 1 4/08/08/holland-plant- fire-uniform-color/ 13763707/ 

4. August 7, WCAU 10 Philadelphia - (Pennsylvania) MontCo building fire sparks 
Hazmat situation. Two workers were injured in a chemical fire that broke out inside a 
Penn Color Inc., colorant facility in Hatfield August 7. Firefighters brought the blaze 
under control and the incident is under investigation. 

Source: http://www.nbcphiladelphia.com/news/local/Hamat-270421011.html 
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Nuclear Reactors, Materials, and Waste Sector 

Nothing to report 
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Critical Manufacturing Sector 

5. August 7, U.S. Department of Labor - (Ohio) US Department of Labor’s OSHA cites 
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Exel Inc. for unsafe forklift operation at Toledo, Ohio, auto parts warehouse. The 

Occupational Safety and Health Administration cited Exel Inc., for one repeat and two 
serious safety violations at its Toledo automotive parts distribution center and 
warehouse for exposing workers to hazards due to improper forklift operation. 
Proposed fines totaled $52,500. 

Source: 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=26499 



T Return to top i 



Defense Industrial Base Sector 

See item 27 
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Financial Services Sector 

6. August 7, Bloomberg News - (International) U.S. charges 13 with spreading $77 
million in fake bills. Thirteen suspects arrested by U.S. Secret Service agents in May 
and June were indicted in federal court August 7 for allegedly operating a major 
counterfeit currency ring that distributed over $77 million in fake bills in several States 
along the East Coast since at least 1999. The fake bills were believed to have been 
manufactured in Israel, and the group allegedly established a counterfeit bill printing 
press in New Jersey in January 2014. 

Source: http://www.businessweek.com/news/2014-08-Q7/u-dot-s-dot-charges-13-with- 
spreading-77-million-in-fake-bills 

7. August 7, Miami Herald - (Florida) TotalBank responds to computer security 
breach. Miami-based TotalBank notified 72,500 customers after an investigation 
revealed that unauthorized individuals may have accessed the bank’s systems and 
obtained customer names, account numbers, addresses, account balances, and other 
personal information. The bank stated that it took action to secure its systems and is 
continuing to investigate. 

Source: http://www.miamiherald.com/2014/08/07/4277318/totalbank-responds-to- 
computer.html 

8. August 7, IDG News Service - (International) Some mobile POS devices still affected 
by critical flaws months after patch. A researcher with MWR InfoSecurity and a 
colleague presenting at the Black Hat 2014 conference detailed how flaws in mobile 
point of sale (mPOS) devices from several manufacturers may be vulnerable to being 
taken over by attackers using customized smart cards in order to steal the payment card 
information read by the devices. The researchers reported the flaws previously and a 
patch for the EMV library was released in April, but some vendors have yet to push out 
the update to their devices, leaving the devices vulnerable. 

Source: http://www.networkworld.com/article/2463081/security/some-mobile-pos- 
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devices-still-affected-by-critical-flaws-months-after-patch.html 
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Transportation Systems Sector 

9. August 8, WNBC 4 New York City - (New York) Train evacuated after derailment 
on Staten Island: MTA. The last car of a 4-car Metropolitan Transportation Authority 
train derailed as it approached the St. George Terminal in Staten Island August 7 
prompting authorities to evacuate the 90 customers on board and shut down service for 
repairs. The railway operated limited local service through August 8. 

Source: http://www.nbcnewvork.com/news/local/Train-Derail-Staten-Island-Ferry- 
Police-Emergenc y-27036364 1 .html 

10. August 8, KMOV 4 St. Louis - (Missouri) Six injured after propane explosion in 
north St. Louis. Six workers were injured in an explosion due to a leak from a propane 
tank being switched out on a for kl ift being used to move hazardous materials at SAIA 
Motor Freight Line in St. Louis August 7. 

Source: http://www.krnov.com/news/local/Lirefighters-bive-iniured-after-propane- 
explosion-in-north-St-Louis-27 04 1 942 1 .html 

1 1 . August 7, KBMT 12 Beaumont - (Texas) 1-10 reopened after acid spill shut down 
stretch of highway for nearly 8 hours. Two people were injured in an accident 
involving two semi-trucks and a car August 7 that prompted a stretch of eastbound 
Interstate 10 in Beaumont to shut down for nearly 8 hours and reopen August 8. 

Source: http://www.12newsnow.com/story/26227779/acid-spill-shuts-down-eastbound- 
lanes-of-interstate- 1 0-in-beaumont 



Lor additional stories, see items 2 and 19 
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Food and Agriculture Sector 

12. August 8, KMGH 7 Denver - (Colorado) Fort Collins restaurant Tortilla Marissa's 
reopens after Hepatitis A outbreak. Tortilla Marissa’s North of the Border Cafe in 
Lort Collins, the restaurant linked to a possible Hepatitis A outbreak, will reopen 
August 9 after it voluntarily closed for 6 weeks to undergo a deep clean and inspection 
by the Larimer County Department of Health. Hundreds of patrons received 
vaccination shots after a worker at the restaurant tested positive for Hepatitis A in June. 
Source: http://www.thedenverchannel.com/news/local-news/fort-collins-restaurant- 
tortilla-marissas-reopens-after-hepatitis-a-outbreak 

13. August 7, Associated Press - (Wisconsin) Manure digester explosion sparks fire. 
Officials believe an explosion that destroyed the $250,000 nylon inflatable roof of a 
1.25-million gallon manure digester at the Clear Horizons LLC biodigester near 
Waunakee was caused by the ignition of methane gas when an employee started an 
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electric blower. The digester was taken offline indefinitely while authorities investigate 
and determine if the biodigester is safe to resume operations. 

Source: http://www.twincities.com/localnews/ci 26296885/manure-digester-explosion- 
sparks-fire 

14. August 7, Mississippi Press - (Mississippi) Omega Protein resumes operation at 
Moss Point plant after fatal explosion. Normal operations resumed August 6 at the 
Omega Protein fish processing facility in Moss Point following a comprehensive 
inspection of the facility’s equipment. One subcontractor was killed and three others 
were injured July 28 when a fish oil storage tank inside the plant exploded. 

Source: http://blog.gulflive.com/mississippi-press- 

news/20 14/08/omega protein resumes operatio.html 

15. August 6, KCAU 9 Sioux City - (Nebraska) Laurel man dies in grain bin accident. A 
worker that was trying to break corn loose in a grain bin near Dixon, Nebraska, died 
August 5 when he was submerged by the released com. 

Source: http://www.siouxlandmatters.com/storv/d/story/man-dies-in-grain-bin- 
accident-in-dixon-co/16330/iZbeV2Up9EW8iHcIb8Vngg 
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Water and Wastewater Systems Sector 

16. August 7, Salt Lake Tribune - (Utah) Grand County wastewater firm agrees to pay 
Utah a $50,000 fine. Danish Flats Environmental Services agreed to pay $50,000 to 
Utah to resolve Grand County’s allegations that it build and operated evaporation 
ponds without permits from the Utah Division of Air Quality (DAQ). The company 
was issued an approval order for its operations August 4 by the DAQ. 

Source: http://www.sltrib.com/sltrib/politics/58267844-90/danish-flats-oil-gas.html.csp 

For another story, see item 21 
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Healthcare and Public Health Sector 

17. August 8, KJRH 2 Tulsa - (Oklahoma) St. John Medical Center evacuates basement 
occupants as a result of a bleach spill. Patients and employees at Mary K. Chapman 
Health Plaza in Tulsa were evacuated for over 2 hours August 7 after bleach was 
spilled in the basement of the St. John Medical Center building. The building’s HVAC 
system was shut down as a precaution while a HAZMAT crew tested the air quality and 
cleared the scene. 

Source: http://www.kirh.com/news/local-news/chlorine-spill-at-st-iohns-medical- 
center-reports-spill-in-basement 

18. August 7, U.S. Department of Labor - (New York) Corizon Health Inc. cited for 
inadequate workplace violence safeguards at Rikers Island correctional facility in 
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New York. The Occupational Safety and Health Administration cited Corizon Health 
Inc., for knowingly failing to protect employees against workplace violence and assault 
following an inspection of Rikers Island correctional facility in New York City that 
began in February. The administration found an increase in the number of workplace 
violence incidents involving employees and proposed fines totaling $71,000. 

Source: 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=26505 

For another story, see item 27 
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Government Facilities Sector 

19. August 7, Associated Press - (Oregon; Idaho; Washington) Evacuated after Oregon 
fire, some residents return. Evacuation orders for some residents living in Oregon’s 
Columbia Gorge were lifted August 7 while fire crews continued to battle the Rowena 
Fire which grew to 4.1 square miles. Firefighters also worked to contain numerous 
wildfires burning in Idaho and Washington which have combined, burned thousands of 
acres and destroyed several homes and structures. 

Source: http://news.msn.com/us/evacuated-after-oregon-fire-some-residents-return 

20. August 7, Los Angeles Times - (California) Hunter charged with sparking massive 
Rim fire, state’s third-largest. A hunter was charged by a federal grand jury August 7 
with starting a campfire in the Stainislaus National Forest in August 2013 that spread to 
become the Rim Fire burning over 250,000 acres in and around Yosemite National 
Park. The fire left 10 people injured and burned more than 100 structures in addition to 
causing significant environmental damage. 

Source: http://www.latimes.com/local/lanow/la-me-ln-rim-fire-charges-20140807- 
story.html 

For another story, see item 27 
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Emergency Services Sector 

21. August 7, KOVR 13 Stockton - (California) Thousands of gallons of water stolen 
from small town’s fire department. Officials are investigating after thieves stole 
8,000 gallons of water from the North San Juan Fire District in Nevada County by 
driving up to the valve and pumping water out of the water tanks on site. 

Source: http://sacramento.cbslocal.com/2014/08/07/thousands-of-gallons-of-water- 
stolen-from-small-towns-fire-department/ 

22. August 7, WLEX 18 Lexington - (Kentucky) For the second time this week a 
Kentucky fire station burns. The South Hopkins Fire Department facility in 
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Nortonville was destroyed along with five fire trucks that were inside the building after 
a fire broke out August 6, causing an estimated loss of nearly $1 million. Volunteer fire 
departments around the area will cover the South Hopkins district. 

Source: http://www.lexl8.com/news/for-the-second-tirne-this-week-a-kentucky-fire- 
station-bums 



For another story, see item 18 
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Information Technology Sector 

23. August 8, Softpedia - (International) Network access storage devices are highly 
exploitable. A researcher from Independent Security Evaluators presenting at the Black 
Hat 2014 conference reported finding a wide variety of vulnerabilities in network access 
storage (NAS) devices from several manufacturers, including directory traversal, 
command injection, memory corruption, authentication bypass, or back door 
vulnerabilities. 

Source: http://news.softpedia.com/news/Network-Access-Storage-Devices-Are-Highly- 
Exploitable-454103.shtml 

24. August 8, Help Net Security - (International) Critical bug in WordPress plugin 
allows site hijacking. Sucuri researchers identified and reported a vulnerability in the 
Custom Contact Forms plugin for WordPress that could allow attackers to take control 
of sites using the plugin. The developers of Custom Contact Forms published an update 
for the plugin after the issue was published by the WordPress Security team. 

Source: http://www.net-security.org/secworld.php?id=17227 

25. August 8, Help Net Security - (International) Two Gameover Zeus variants targeting 
Europe and beyond. Researchers at Bitdefender identified two Gameover Zeus 
variants in the wild, one botnet primarily targeting the U.S. while the second targets 
Belarus and Ukraine. The first botnet is generating around 1,000 domains per day while 
the second generates 10,000 per day but appears to currently be inactive. 

Source: http://www.net-security.org/malware news.php?id=2833 

26. August 8, Securityweek - (International) Cybercriminals steal cryptocurrency via 
BGP hijacking. Researchers with Dell SecureWorks reported finding cybercriminals 
using fake Border Gateway Protocol (BGP) broadcasts to redirect traffic from 
cryptocurrency mining pools to servers they control, diverting tens of thousands of 
dollars in cryptocurrency. The attackers compromised 51 mining pools hosted on 19 
hosting companies. 

Source: http://www.securityweek.com/cybercriminals-steal-cryptocurrency-bgp- 
hi jacking 



27. August 7, Securityweek - (International) Attackers used multiple zero-days to hit spy 
agencies in cyber-espionage campaign. Kaspersky Lab researchers identified the 
infection methods used in the Epic Turla cyber-espionage campaign (also known as 
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Snake or Uroburos) that targeted intelligence agencies, military organizations, 
government agencies, education institutions, pharmaceutical companies, and research 
groups in over 45 countries. The attackers behind the campaign used several malware 
platforms and zero-day exploits in Windows XP and Server 2003 and Adobe Reader to 
infect systems and then could upgrade the malware with additional capabilities once in 
place. 

Source: http://www.securitvweek.com/attackers-used-multiple-zero-davs-hit-spv- 
agencies-cyber-espionage-campaign 

28. August 7, Dark Reading - (International) Attack harbors malware in images. A 
researcher with Dell SecureWorks reported finding the Lurk malware being distributed 
within a fake digital image as part of a click fraud campaign that infected around 
350,000 systems. The malware in the campaign was spread through iFrames on Web 
sites containing an Adobe Flash exploit, and required victims to have a vulnerable 
version of Adobe Flash that is used to download the fake image file, which contains an 
encrypted URL that downloads a second malicious payload. 

Source: http://www.darkreading.com/endpoint/attack-harbors-malware-in-images/d/d- 
id/1 297867 



29. August 7, Securityweek - (International) Flaws in email and Web filtering solutions 
expose organizations to attacks: Researcher. A researcher at NCC Group presenting 
at the Black Hat 2014 conference published two whitepapers outlining how email and 
Web filtering solutions can be used by attackers in the reconnaissance phase of attacks 
to obtain information on a potential target network if the attackers can determine which 
products or services are being used on the target network. 

Source: http://www.securitvweek.com/flaws-email-and-web-filtering-solutions- 
expose-organizations-attacks-researcher 

For another story, see item 30 

Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 

30. August 8, The Register - (International) ‘Up to two BEEELLION’ mobes easily 
hacked by evil base station. Researchers from the security firm Accuvant announced 
at the Black Hat 2014 conference August 7 that up to 2 billion smartphone handsets are 
at risk for over the air hijacking and abuse which can be exploited through the Open 
Mobile Alliance Device Management (OMA-DM) protocol, used by approximately 
100 mobile phone manufacturers. To access the handsets remotely the hacker only 
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needs to know the handset’s unique International Mobile Station Equipment Identity 
(IMEI) number and a secret token. 

Source: 

http://www.theregister.co.uk/2014/08/08/two billeeon mobile phones easily hackabl 
e with dummy base station/ 
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Commercial Facilities Sector 

31. August 8, Kansas City Star - (Missouri) Children escape injury when Kansas City 
church collapses. Sixty-three children and staff members attending a vacation bible 
school held by Rio de Agua Viva were safely evacuated from a Kansas City church 
August 7 as the building partially collapsed. Authorities believe the structural collapse 
may be a result of heavy rain that caused gutters to clog. 

Source: http://www.kansascitv.com/news/local/articlell64274.html 

32. August 8, WCAU 10 Philadelphia - (Pennsylvania) 1 Hurt, 25 impacted as fire burns 
through Montco apartments. Authorities are investigating after up to 25 residents 
were displaced from about 8 units at the Woods Apartment Complex in Ambler due to 
a fire that tore through the building August 8. One resident was transported to an area 
hospital with symptoms of smoke inhalation. 

Source: http://www.nbcphiladelphia.com/news/local/Woods-Upper-Dublin-Fire- 
270445781.html 

33. August 7, KDFW 4 Dallas - (Texas) Arsonist closes Lancaster Walmart with fake 
flower fire. Authorities are searching for a suspect that was caught on surveillance 
video setting artificial flowers on fire inside a Walmart store in Lancaster, Texas, 
August 5. The building’s sprinkler system was activated by the fire and the store 
remained closed until at least August 8. 

Source: http://www.mvfoxdfw.com/story/26225391/police-lancaster-wal-mart-fire-set- 
by-arsonist 

34. August 7, Wareham Week - (Massachusetts) Two-alarm fire tears through East 
Wareham Home Depot. Firefighters responded August 7 to a Home Depot store in 
East Wareham to extinguish a 2-alarm fire that started near the electrical department of 
the store and caused an estimated $300,000 in damage. The store closed indefinitely 
due to cleanup efforts and an investigation into the cause of the blaze. 

Source: http://wareham-ma.villagesoup.com/p/two-alarm-fire-tears-through-east- 
wareham-home-depot/ 1222908 

35. August 7, Boston Globe - (Massachusetts) Two-alarm fire damages Malden church. 
Fire officials are investigating the cause of a 2-alarm fire that started in a hollow 
column at the First Church in Malden August 7 and caused an estimated $75,000 to 
$100,000 in damage. 

Source: http://www.boston.globe.com/metro/2014/08/07/two-alarm-fire-damages- 
malden-church-and-authorities-are-searching-for- 
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cause/HPWmEirQmPOpHVDgEbYQeL/story.html 



36. August 7, KODE 12 Joplin - (Missouri) Fire destroys Carl Junction United 

Methodist Church. Authorities believe a lightning strike may be responsible for an 
August 7 fire that rendered the Carl Junction United Methodist Church a total loss. 
Source: http://www.fourstateshomepage.com/storv/d/storv/fire-destroys-carl-junction- 
united-methodi s t-churc/7 8607 ZucEpRvNT 4Uigmzt A J i 18 og 
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Dams Sector 



37. August 7, Advance-Monticellonian - (Arkansas) Uake Monticello dam fails 

inspection; city working to fix problems. A report by the Arkansas Natural Resources 
Commission to the city of Monticello showed that the dam at Lake Monticello has 
become eroded in several areas and the upstream slope and downstream slope have 
become densely vegetated concluding that the dam has not been properly maintained 
over the years. The city responded and has begun the process of inspecting the dam and 
correcting the problems. 

Source: http://mvmonticellonews.net/news/article 56aac 1 30- 1 e4a- 1 1 e4-b466- 
Q01a4bcf887a.html 
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About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] 
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily 
Open Source Infrastructure Report is archived for 10 days on the Department of Homeland Security Web site: 
http://www.dhs.gov/IPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 
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Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
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